The Stuxnet analysis "Stuxnet Under the Microscope" by Aleksandr Matrosov, Eugene Rodionov, David Harley, and Juraj Malcho, has, unlike most ESET white papers, been subject to a number of revisions as we've come to know more about the malware itself, and as the purposes of its perpetrators have become clearer. However, since all the known vulnerabilities exploited by Stuxnet have now been patched, version 1.3x of the document is likely to be the last substantial revision.

On the other hand, we can't help but notice that information, discussion and speculation have by no means dried up. So rather than revising the document every time we see a relevant link and requiring you to download and pore over all those pages, we're making a resources list available on this page, and we'll be updating it as necessary and appropriate. This doesn't mean, of course, that we won't update the original report if a more substantial addition or modification becomes necessary.

The list below is essentially the first appendix from the Stuxnet analysis, presenting links to further information and resources in approximately chronological order, and additions will be timestamped and flagged in other blogs and microblogs.

We don't, of course, claim that this list is all-inclusive, and it will be maintained on a "best endeavours" basis as time and other commitments allow. We are not responsible for the content on external sites: nor do we necessarily agree with the opinions and speculations expressed by other individuals and organizations, of course.

Changelog

Two VB presentation links appended on 5th January 2011. And one more from the Washington Times.

Report of a Stuxnet-unrelated vulnerability in SCADA software, a speculative cyberwar link, and some links on Iranian post-Stuxnet "cybermilitia" recruitment appended, 12th January 2011.

Tony Dyhouse writes in SC Magazine about the political implications for the security community of the Stuxnet and Wikileaks incidents. Link appended 14th January 2011.

16th January 2011: appended article "Israel Tests on Worm Called Crucial in Iran Nuclear Delay" by William J. Broad, John Markoff and David E. Sanger.

17th January 2011: appended several links relating to the New York Times article flagged on the 16th January – one from Heise (in English), one from The Register, plus three links from the Spanish press courtesy of Josep Albors (and Josep's own blog on the subject). The Register and SC Computing commented on a study by OECD (Organization for Economic Cooperation and Development) scientists: a link to the substantial OECD report by Peter Sommer and Ian Brown on "Reducing System Cybersecurity Risk" is also appended. And F-Secure have a "wrap-up" video up on YouTube, though I think that might be a bit premature (good blog article, though). Heise also have an article on a SCADA-related exploit, not directly related but interesting.

18th January 2011: more articles following on from New York Times story, by Kim Zetter, Bret Stephens and Jeffrey Carr. And a tinfoil special from extendedsubset.com (thanks for the pointer, Aryeh!): added a couple of the links referenced in that blog.

19th January 2011:

The H Online: Stuxnet not such a masterpiece after all?

John Leyden in The Register: Lame Stuxnet worm 'full of errors', says security consultant: My teenage son could code better

Wayne Madsen: Stuxnet: A Violation of US Computer Security Law – c/p with permission from Wayne Madsen Reports

First, let me thank you for your great blog. You are a magnificent source of infosec all-around-stuff for me and you always make me think and analyze.

I’ve got a possible new link for your Stuxnet resource:

It is a possible Finnish-Chinese connection. It is as “shady” and as much guess-work as all the others who say it was US-Israel who did it. Maybe even more. But it’s interesting to read too.

Cheers!

David Harley

@Furoner, thanks for the compliment and the link. In fact, I actually flagged it in the original post and in the last update to the full Stuxnet analysis (version 1.31), but I agree: it’s a plausible and well-written analysis that deserves to be read alongside the Wall Street Journal’s. Which doesn’t mean, of course, that I unreservedly accept the underlying hypothesis of either article. :)

Furoner

Probably the link was deleted, maybe this other way will not be removed: